VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 73108

Last change on this file since 73108 was 73097, checked in by vboxsync, 6 years ago

*: Made RT_UOFFSETOF, RT_OFFSETOF, RT_UOFFSETOF_ADD and RT_OFFSETOF_ADD work like builtin_offsetof() and require compile time resolvable requests, adding RT_UOFFSETOF_DYN for the dynamic questions that can only be answered at runtime.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 137.5 KB
Line 
1/* $Id: nt.h 73097 2018-07-12 21:06:33Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
43# define NtQuerySystemInformation ZwQuerySystemInformation
44# define NtQuerySecurityObject ZwQuerySecurityObject
45# define NtSetInformationFile ZwSetInformationFile
46# define NtClose ZwClose
47# define NtCreateFile ZwCreateFile
48# define NtReadFile ZwReadFile
49# define NtWriteFile ZwWriteFile
50# define NtFlushBuffersFile ZwFlushBuffersFile
51/** @todo this is very incomplete! */
52#endif
53
54#include <ntstatus.h>
55
56/*
57 * Hacks common to both base header sets.
58 */
59#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
60#define NtQueryObject Incomplete_NtQueryObject
61#define ZwQueryObject Incomplete_ZwQueryObject
62#define NtSetInformationObject Incomplete_NtSetInformationObject
63#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
64#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
65#define ObjectBasicInformation Incomplete_ObjectBasicInformation
66#define ObjectTypeInformation Incomplete_ObjectTypeInformation
67#define _PEB Incomplete__PEB
68#define PEB Incomplete_PEB
69#define PPEB Incomplete_PPEB
70#define _TEB Incomplete__TEB
71#define TEB Incomplete_TEB
72#define PTEB Incomplete_PTEB
73#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
74#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
75#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
76#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
77#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
78#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
79
80
81
82#ifdef IPRT_NT_USE_WINTERNL
83/*
84 * Use Winternl.h.
85 */
86# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
87# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
88# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
89
90# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
91# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
92# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
93# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
94# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
96# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
97# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
98# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
99# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
100# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
101# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
102
103# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
104# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
105# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
106
107# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
108# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
109# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
110# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
111# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
112
113# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
114# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
115# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
116# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
117# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
118# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
119# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
120# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
121# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
122# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
123# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
124# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
125# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
126# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
127
128
129# pragma warning(push)
130# pragma warning(disable: 4668)
131# define WIN32_NO_STATUS
132# include <windef.h>
133# include <winnt.h>
134# include <winternl.h>
135# undef WIN32_NO_STATUS
136# include <ntstatus.h>
137# pragma warning(pop)
138
139# ifndef OBJ_DONT_REPARSE
140# define RTNT_NEED_CLIENT_ID
141# endif
142
143# undef _FILE_INFORMATION_CLASS
144# undef FILE_INFORMATION_CLASS
145# undef FileDirectoryInformation
146
147# undef NtQueryInformationProcess
148# undef NtSetInformationProcess
149# undef PROCESSINFOCLASS
150# undef _PROCESSINFOCLASS
151# undef PROCESS_BASIC_INFORMATION
152# undef PPROCESS_BASIC_INFORMATION
153# undef _PROCESS_BASIC_INFORMATION
154# undef ProcessBasicInformation
155# undef ProcessDebugPort
156# undef ProcessWow64Information
157# undef ProcessImageFileName
158# undef ProcessBreakOnTermination
159
160# undef RTL_USER_PROCESS_PARAMETERS
161# undef PRTL_USER_PROCESS_PARAMETERS
162# undef _RTL_USER_PROCESS_PARAMETERS
163
164# undef NtQueryInformationThread
165# undef NtSetInformationThread
166# undef THREADINFOCLASS
167# undef _THREADINFOCLASS
168# undef ThreadIsIoPending
169
170# undef NtQuerySystemInformation
171# undef NtSetSystemInformation
172# undef SYSTEM_INFORMATION_CLASS
173# undef _SYSTEM_INFORMATION_CLASS
174# undef SystemBasicInformation
175# undef SystemPerformanceInformation
176# undef SystemTimeOfDayInformation
177# undef SystemProcessInformation
178# undef SystemProcessorPerformanceInformation
179# undef SystemInterruptInformation
180# undef SystemExceptionInformation
181# undef SystemRegistryQuotaInformation
182# undef SystemLookasideInformation
183# undef SystemPolicyInformation
184
185#else
186/*
187 * Use ntifs.h and wdm.h.
188 */
189# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
190# define FORCEINLINE static __forceinline
191# else
192# define FORCEINLINE static __inline
193# endif
194
195# pragma warning(push)
196# ifdef RT_ARCH_X86
197# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
198# pragma warning(disable: 4163)
199# endif
200# pragma warning(disable: 4668)
201# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
202# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
203# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
204# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
205# endif
206
207# include <ntifs.h>
208# include <wdm.h>
209
210# ifdef RT_ARCH_X86
211# undef _InterlockedAddLargeStatistic
212# endif
213# pragma warning(pop)
214
215# define IPRT_NT_NEED_API_GROUP_NTIFS
216#endif
217
218#undef RtlFreeUnicodeString
219#undef NtQueryObject
220#undef ZwQueryObject
221#undef NtSetInformationObject
222#undef _OBJECT_INFORMATION_CLASS
223#undef OBJECT_INFORMATION_CLASS
224#undef ObjectBasicInformation
225#undef ObjectTypeInformation
226#undef _PEB
227#undef PEB
228#undef PPEB
229#undef _TEB
230#undef TEB
231#undef PTEB
232#undef _PEB_LDR_DATA
233#undef PEB_LDR_DATA
234#undef PPEB_LDR_DATA
235#undef _KUSER_SHARED_DATA
236#undef KUSER_SHARED_DATA
237#undef PKUSER_SHARED_DATA
238
239
240#include <iprt/types.h>
241#include <iprt/assert.h>
242
243
244/** @name Useful macros
245 * @{ */
246/** Indicates that we're targeting native NT in the current source. */
247#define RTNT_USE_NATIVE_NT 1
248/** Initializes a IO_STATUS_BLOCK. */
249#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
250/** Reinitializes a IO_STATUS_BLOCK. */
251#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
252 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
253/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
254#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
255/** Constant UNICODE_STRING initializer. */
256#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
257/** @} */
258
259
260/** @name IPRT helper functions for NT
261 * @{ */
262RT_C_DECLS_BEGIN
263
264RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
265 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
266 PHANDLE phHandle, PULONG_PTR puDisposition);
267RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
268 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
269RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
270 ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
271RTDECL(int) RTNtPathClose(HANDLE hHandle);
272
273/**
274 * Converts a windows-style path to NT format and encoding.
275 *
276 * @returns IPRT status code.
277 * @param pNtName Where to return the NT name. Free using
278 * RTNtPathFree.
279 * @param phRootDir Where to return the root handle, if applicable.
280 * @param pszPath The UTF-8 path.
281 */
282RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
283
284/**
285 * Converts a UTF-16 windows-style path to NT format.
286 *
287 * @returns IPRT status code.
288 * @param pNtName Where to return the NT name. Free using
289 * RTNtPathFree.
290 * @param phRootDir Where to return the root handle, if applicable.
291 * @param pwszPath The UTF-16 windows-style path.
292 * @param cwcPath The max length of the windows-style path in
293 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
294 * pwszPath is correctly terminated.
295 */
296RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
297
298/**
299 * How to handle ascent ('..' relative to a root handle).
300 */
301typedef enum RTNTPATHRELATIVEASCENT
302{
303 kRTNtPathRelativeAscent_Invalid = 0,
304 kRTNtPathRelativeAscent_Allow,
305 kRTNtPathRelativeAscent_Fail,
306 kRTNtPathRelativeAscent_Ignore,
307 kRTNtPathRelativeAscent_End,
308 kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
309} RTNTPATHRELATIVEASCENT;
310
311/**
312 * Converts a relative windows-style path to relative NT format and encoding.
313 *
314 * @returns IPRT status code.
315 * @param pNtName Where to return the NT name. Free using
316 * rtTNtPathToNative with phRootDir set to NULL.
317 * @param phRootDir On input, the handle to the directory the path
318 * is relative to. On output, the handle to
319 * specify as root directory in the object
320 * attributes when accessing the path. If
321 * enmAscent is kRTNtPathRelativeAscent_Allow, it
322 * may have been set to NULL.
323 * @param pszPath The relative UTF-8 path.
324 * @param enmAscent How to handle ascent.
325 * @param fMustReturnAbsolute Must convert to an absolute path. This
326 * is necessary if the root dir is a NT directory
327 * object (e.g. /Devices) since they cannot parse
328 * relative paths it seems.
329 */
330RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath,
331 RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
332
333/**
334 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
335 * chars plus a terminator.
336 *
337 * The NT string must have been returned by RTNtPathFromWinUtf8 or
338 * RTNtPathFromWinUtf16Ex.
339 *
340 * @returns IPRT status code.
341 * @param pNtName The NT path string.
342 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
343 * @sa RTNtPathFree
344 */
345RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
346
347/**
348 * Frees the native path and root handle.
349 *
350 * @param pNtName The NT path after a successful rtNtPathToNative
351 * call or RTNtPathRelativeFromUtf8.
352 * @param phRootDir The root handle variable from rtNtPathToNative,
353 */
354RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
355
356
357/**
358 * Checks whether the path could be containing alternative 8.3 names generated
359 * by NTFS, FAT, or other similar file systems.
360 *
361 * @returns Pointer to the first component that might be an 8.3 name, NULL if
362 * not 8.3 path.
363 * @param pwszPath The path to check.
364 *
365 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
366 * however, non-tilde 8.3 aliases are probably rare enough to not be
367 * worth all the extra code necessary to open each path component and
368 * check if we've got the short name or not.
369 */
370RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
371
372/**
373 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
374 * components.
375 *
376 * The path is fixed up in place. Errors are ignored.
377 *
378 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
379 * indicating the nature of last problem we ran into.
380 *
381 * @param pUniStr The path to fix up. MaximumLength is the max buffer
382 * length.
383 * @param fPathOnly Whether to only process the path and leave the filename
384 * as passed in.
385 */
386RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
387
388
389RT_C_DECLS_END
390/** @} */
391
392
393/** @name NT API delcarations.
394 * @{ */
395RT_C_DECLS_BEGIN
396
397/** @name Process access rights missing in ntddk headers
398 * @{ */
399#ifndef PROCESS_TERMINATE
400# define PROCESS_TERMINATE UINT32_C(0x00000001)
401#endif
402#ifndef PROCESS_CREATE_THREAD
403# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
404#endif
405#ifndef PROCESS_SET_SESSIONID
406# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
407#endif
408#ifndef PROCESS_VM_OPERATION
409# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
410#endif
411#ifndef PROCESS_VM_READ
412# define PROCESS_VM_READ UINT32_C(0x00000010)
413#endif
414#ifndef PROCESS_VM_WRITE
415# define PROCESS_VM_WRITE UINT32_C(0x00000020)
416#endif
417#ifndef PROCESS_DUP_HANDLE
418# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
419#endif
420#ifndef PROCESS_CREATE_PROCESS
421# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
422#endif
423#ifndef PROCESS_SET_QUOTA
424# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
425#endif
426#ifndef PROCESS_SET_INFORMATION
427# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
428#endif
429#ifndef PROCESS_QUERY_INFORMATION
430# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
431#endif
432#ifndef PROCESS_SUSPEND_RESUME
433# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
434#endif
435#ifndef PROCESS_QUERY_LIMITED_INFORMATION
436# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
437#endif
438#ifndef PROCESS_SET_LIMITED_INFORMATION
439# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
440#endif
441#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
442#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
443#ifndef PROCESS_ALL_ACCESS
444# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
445#endif
446/** @} */
447
448/** @name Thread access rights missing in ntddk headers
449 * @{ */
450#ifndef THREAD_QUERY_INFORMATION
451# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
452#endif
453#ifndef THREAD_SET_THREAD_TOKEN
454# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
455#endif
456#ifndef THREAD_IMPERSONATE
457# define THREAD_IMPERSONATE UINT32_C(0x00000100)
458#endif
459#ifndef THREAD_DIRECT_IMPERSONATION
460# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
461#endif
462#ifndef THREAD_RESUME
463# define THREAD_RESUME UINT32_C(0x00001000)
464#endif
465#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
466#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
467#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
468/** @} */
469
470/** @name Special handle values.
471 * @{ */
472#ifndef NtCurrentProcess
473# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
474#endif
475#ifndef NtCurrentThread
476# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
477#endif
478#ifndef ZwCurrentProcess
479# define ZwCurrentProcess() NtCurrentProcess()
480#endif
481#ifndef ZwCurrentThread
482# define ZwCurrentThread() NtCurrentThread()
483#endif
484/** @} */
485
486
487/** @name Directory object access rights.
488 * @{ */
489#ifndef DIRECTORY_QUERY
490# define DIRECTORY_QUERY UINT32_C(0x00000001)
491#endif
492#ifndef DIRECTORY_TRAVERSE
493# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
494#endif
495#ifndef DIRECTORY_CREATE_OBJECT
496# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
497#endif
498#ifndef DIRECTORY_CREATE_SUBDIRECTORY
499# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
500#endif
501#ifndef DIRECTORY_ALL_ACCESS
502# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
503#endif
504/** @} */
505
506
507
508#ifdef RTNT_NEED_CLIENT_ID
509typedef struct _CLIENT_ID
510{
511 HANDLE UniqueProcess;
512 HANDLE UniqueThread;
513} CLIENT_ID;
514#endif
515#ifdef IPRT_NT_USE_WINTERNL
516typedef CLIENT_ID *PCLIENT_ID;
517#endif
518
519/** Extended affinity type, introduced in Windows 7 (?). */
520typedef struct _KAFFINITY_EX
521{
522 /** Count of valid bitmap entries. */
523 uint16_t Count;
524 /** Count of allocated bitmap entries. */
525 uint16_t Size;
526 /** Reserved / aligmment padding. */
527 uint32_t Reserved;
528 /** Bitmap where one bit corresponds to a CPU. */
529 uintptr_t Bitmap[20];
530} KAFFINITY_EX;
531typedef KAFFINITY_EX *PKAFFINITY_EX;
532typedef KAFFINITY_EX const *PCKAFFINITY_EX;
533
534/** @name User Shared Data
535 * @{ */
536
537#ifdef IPRT_NT_USE_WINTERNL
538typedef struct _KSYSTEM_TIME
539{
540 ULONG LowPart;
541 LONG High1Time;
542 LONG High2Time;
543} KSYSTEM_TIME;
544typedef KSYSTEM_TIME *PKSYSTEM_TIME;
545
546typedef enum _NT_PRODUCT_TYPE
547{
548 NtProductWinNt = 1,
549 NtProductLanManNt,
550 NtProductServer
551} NT_PRODUCT_TYPE;
552
553#define PROCESSOR_FEATURE_MAX 64
554
555typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
556{
557 StandardDesign = 0,
558 NEC98x86,
559 EndAlternatives
560} ALTERNATIVE_ARCHITECTURE_TYPE;
561
562# if 0
563typedef struct _XSTATE_FEATURE
564{
565 ULONG Offset;
566 ULONG Size;
567} XSTATE_FEATURE;
568typedef XSTATE_FEATURE *PXSTATE_FEATURE;
569
570#define MAXIMUM_XSTATE_FEATURES 64
571
572typedef struct _XSTATE_CONFIGURATION
573{
574 ULONG64 EnabledFeatures;
575 ULONG Size;
576 ULONG OptimizedSave : 1;
577 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
578} XSTATE_CONFIGURATION;
579typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
580# endif
581#endif /* IPRT_NT_USE_WINTERNL */
582
583typedef struct _KUSER_SHARED_DATA
584{
585 ULONG TickCountLowDeprecated; /**< 0x000 */
586 ULONG TickCountMultiplier; /**< 0x004 */
587 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
588 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
589 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
590 USHORT ImageNumberLow; /**< 0x02c */
591 USHORT ImageNumberHigh; /**< 0x02e */
592 WCHAR NtSystemRoot[260]; /**< 0x030 - Seems to be last member in NT 3.51. */
593 ULONG MaxStackTraceDepth; /**< 0x238 */
594 ULONG CryptoExponent; /**< 0x23c */
595 ULONG TimeZoneId; /**< 0x240 */
596 ULONG LargePageMinimum; /**< 0x244 */
597 ULONG AitSamplingValue; /**< 0x248 */
598 ULONG AppCompatFlag; /**< 0x24c */
599 ULONGLONG RNGSeedVersion; /**< 0x250 */
600 ULONG GlobalValidationRunlevel; /**< 0x258 */
601 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
602 ULONG Reserved2; /**< 0x260 */
603 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
604 BOOLEAN ProductTypeIsValid; /**< 0x268 */
605 BOOLEAN Reserved0[1]; /**< 0x269 */
606 USHORT NativeProcessorArchitecture; /**< 0x26a */
607 ULONG NtMajorVersion; /**< 0x26c */
608 ULONG NtMinorVersion; /**< 0x270 */
609 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
610 ULONG Reserved1; /**< 0x2b4 */
611 ULONG Reserved3; /**< 0x2b8 */
612 ULONG volatile TimeSlip; /**< 0x2bc */
613 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
614 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
615 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
616 ULONG SuiteMask; /**< 0x2d0 */
617 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
618 union /**< 0x2d5 */
619 {
620 UCHAR MitigationPolicies; /**< 0x2d5 */
621 struct
622 {
623 UCHAR NXSupportPolicy : 2;
624 UCHAR SEHValidationPolicy : 2;
625 UCHAR CurDirDevicesSkippedForDlls : 2;
626 UCHAR Reserved : 2;
627 };
628 };
629 UCHAR Reserved6[2]; /**< 0x2d6 */
630 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
631 ULONG volatile DismountCount; /**< 0x2dc */
632 ULONG ComPlusPackage; /**< 0x2e0 */
633 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
634 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
635 BOOLEAN SafeBootMode; /**< 0x2ec */
636 UCHAR Reserved12[3]; /**< 0x2ed */
637 union /**< 0x2f0 */
638 {
639 ULONG SharedDataFlags; /**< 0x2f0 */
640 struct
641 {
642 ULONG DbgErrorPortPresent : 1;
643 ULONG DbgElevationEnabled : 1;
644 ULONG DbgVirtEnabled : 1;
645 ULONG DbgInstallerDetectEnabled : 1;
646 ULONG DbgLkgEnabled : 1;
647 ULONG DbgDynProcessorEnabled : 1;
648 ULONG DbgConsoleBrokerEnabled : 1;
649 ULONG DbgSecureBootEnabled : 1;
650 ULONG SpareBits : 24;
651 };
652 };
653 ULONG DataFlagsPad[1]; /**< 0x2f4 */
654 ULONGLONG TestRetInstruction; /**< 0x2f8 */
655 LONGLONG QpcFrequency; /**< 0x300 */
656 ULONGLONG SystemCallPad[3]; /**< 0x308 */
657 union /**< 0x320 */
658 {
659 ULONG64 volatile TickCountQuad; /**< 0x320 */
660 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
661 struct /**< 0x320 */
662 {
663 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
664 ULONG TickCountPad[1]; /**< 0x32c */
665 };
666 };
667 ULONG Cookie; /**< 0x330 */
668 ULONG CookiePad[1]; /**< 0x334 */
669 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
670 ULONGLONG TimeUpdateLock; /**< 0x340 */
671 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
672 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
673 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
674 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
675 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
676 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
677 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
678 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
679 UCHAR Reserved8[14]; /**< 0x372 */
680 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
681 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
682 ULONG LangGenerationCount; /**< 0x3a4 */
683 ULONGLONG Reserved4; /**< 0x3a8 */
684 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
685 * subtracts from interrupt time. */
686 ULONGLONG volatile QpcBias; /**< 0x3b8 */
687 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
688 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
689 UCHAR Reserved9; /**< 0x3c5 */
690 union /**< 0x3c6 */
691 {
692 USHORT QpcData; /**< 0x3c6 */
693 struct /**< 0x3c6 */
694 {
695 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
696 UCHAR QpcShift; /**< 0x3c7 */
697 };
698 };
699 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
700 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
701 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
702} KUSER_SHARED_DATA;
703typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
704AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
705AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
706AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
707AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
708AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
709AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
710AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
711AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
712AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
713/** @def MM_SHARED_USER_DATA_VA
714 * Read only userland mapping of KUSER_SHARED_DATA. */
715#ifndef MM_SHARED_USER_DATA_VA
716# if ARCH_BITS == 32
717# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
718# elif ARCH_BITS == 64
719# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
720# else
721# error "Unsupported/undefined ARCH_BITS value."
722# endif
723#endif
724/** @def KI_USER_SHARED_DATA
725 * Read write kernel mapping of KUSER_SHARED_DATA. */
726#ifndef KI_USER_SHARED_DATA
727# ifdef RT_ARCH_X86
728# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
729# elif defined(RT_ARCH_AMD64)
730# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
731# else
732# error "PORT ME - KI_USER_SHARED_DATA"
733# endif
734#endif
735/** @} */
736
737
738/** @name Process And Thread Environment Blocks
739 * @{ */
740
741typedef struct _PEB_LDR_DATA
742{
743 uint32_t Length;
744 BOOLEAN Initialized;
745 BOOLEAN Padding[3];
746 HANDLE SsHandle;
747 LIST_ENTRY InLoadOrderModuleList;
748 LIST_ENTRY InMemoryOrderModuleList;
749 LIST_ENTRY InInitializationOrderModuleList;
750 /* End NT4 */
751 LIST_ENTRY *EntryInProgress;
752 BOOLEAN ShutdownInProgress;
753 HANDLE ShutdownThreadId;
754} PEB_LDR_DATA;
755typedef PEB_LDR_DATA *PPEB_LDR_DATA;
756
757typedef struct _PEB_COMMON
758{
759 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
760 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
761 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
762 union
763 {
764 uint8_t BitField; /**< 0x003 / 0x003 */
765 struct
766 {
767 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
768 } Common;
769 struct
770 {
771 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
772 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
773 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
774 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
775 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
776 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
777 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
778 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
779 } W81;
780 struct
781 {
782 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
783 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
784 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
785 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
786 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
787 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
788 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
789 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
790 } W80;
791 struct
792 {
793 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
794 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
795 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
796 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
797 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
798 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
799 } W7;
800 struct
801 {
802 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
803 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
804 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
805 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
806 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
807 } W6;
808 struct
809 {
810 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
811 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
812 } W52;
813 struct
814 {
815 BOOLEAN SpareBool;
816 } W51;
817 } Diff0;
818#if ARCH_BITS == 64
819 uint32_t Padding0; /**< 0x004 / NA */
820#endif
821 HANDLE Mutant; /**< 0x008 / 0x004 */
822 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
823 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
824 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
825 PVOID SubSystemData; /**< 0x028 / 0x014 */
826 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
827 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
828 union
829 {
830 struct
831 {
832 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
833 PVOID IFEOKey; /**< 0x048 / 0x024 */
834 union
835 {
836 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
837 struct
838 {
839 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
840 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
841 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
842 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
843 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
844 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
845 } W7, W8, W80, W81;
846 struct
847 {
848 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
849 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
850 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
851 } W6;
852 };
853#if ARCH_BITS == 64
854 uint32_t Padding1; /**< 0x054 / */
855#endif
856 } W6, W7, W8, W80, W81;
857 struct
858 {
859 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
860 PVOID SparePtr2; /**< 0x048 / 0x024 */
861 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
862#if ARCH_BITS == 64
863 uint32_t Padding1; /**< 0x054 / */
864#endif
865 } W52;
866 struct
867 {
868 PVOID FastPebLockRoutine; /**< NA / 0x020 */
869 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
870 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
871 } W51;
872 } Diff1;
873 union
874 {
875 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
876 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
877 };
878 uint32_t SystemReserved; /**< 0x060 / 0x030 */
879 union
880 {
881 struct
882 {
883 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
884 } W7, W8, W80, W81;
885 struct
886 {
887 uint32_t SpareUlong; /**< 0x064 / 0x034 */
888 } W52, W6;
889 struct
890 {
891 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
892 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
893 } W51;
894 } Diff2;
895 union
896 {
897 struct
898 {
899 PVOID ApiSetMap; /**< 0x068 / 0x038 */
900 } W7, W8, W80, W81;
901 struct
902 {
903 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
904 } W52, W6;
905 struct
906 {
907 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
908 } W51;
909 } Diff3;
910 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
911#if ARCH_BITS == 64
912 uint32_t Padding2; /**< 0x074 / NA */
913#endif
914 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
915 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
916 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
917 union
918 {
919 struct
920 {
921 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
922 } W81;
923 struct
924 {
925 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
926 } W6, W7, W80;
927 struct
928 {
929 PVOID ReadOnlySharedMemoryHeap;
930 } W52;
931 } Diff4;
932 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
933 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
934 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
935 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
936 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
937 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
938#if ARCH_BITS == 32
939 uint32_t Padding2b;
940#endif
941 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
942 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
943 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
944 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
945 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
946 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
947 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
948 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 - Last NT 3.51 member. */
949 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
950 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
951 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
952#if ARCH_BITS == 64
953 uint32_t Padding3; /**< 0x10c / NA */
954#endif
955 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
956 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
957 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
958 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
959 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
960 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
961 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
962 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
963 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
964#if ARCH_BITS == 64
965 uint32_t Padding4; /**< 0x134 / NA */
966#endif
967 union
968 {
969 struct
970 {
971 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
972 } W7, W8, W80, W81;
973 struct
974 {
975 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
976 } W52, W6;
977 } Diff5;
978 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
979 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
980 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
981 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
982 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
983#if ARCH_BITS == 64
984 uint32_t Padding5; /**< 0x2c4 / NA */
985#endif
986 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
987 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
988 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
989 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
990 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
991 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
992 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
993 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
994 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
995 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
996 /* End of PEB in W52 (Windows XP (RTM))! */
997 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
998 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
999 PVOID FlsBitmap; /**< 0x338 / 0x218 */
1000 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
1001 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
1002 /* End of PEB in W52 (Windows Server 2003)! */
1003 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
1004 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
1005 /* End of PEB in W6 (windows Vista)! */
1006 union
1007 {
1008 struct
1009 {
1010 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1011 } W8, W80, W81;
1012 struct
1013 {
1014 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1015 } W7;
1016 } Diff6;
1017 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1018 union
1019 {
1020 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1021 struct
1022 {
1023 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1024 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1025 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1026 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1027 } W8, W80, W81;
1028 struct
1029 {
1030 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1031 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1032 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1033 } W7;
1034 } Diff7;
1035#if ARCH_BITS == 64
1036 uint32_t Padding6; /**< 0x37c / NA */
1037#endif
1038 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1039 /* End of PEB in W8, W81. */
1040 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1041 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1042 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1043#if ARCH_BITS == 32
1044 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1045#endif
1046} PEB_COMMON;
1047typedef PEB_COMMON *PPEB_COMMON;
1048
1049AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1050AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1051AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1052AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1053AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1054AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1055AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1056AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1057AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1058
1059/** The size of the windows 10 (build 14393) PEB structure. */
1060#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1061/** The size of the windows 8.1 PEB structure. */
1062#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1063/** The size of the windows 8.0 PEB structure. */
1064#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1065/** The size of the windows 7 PEB structure. */
1066#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1067/** The size of the windows vista PEB structure. */
1068#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1069/** The size of the windows server 2003 PEB structure. */
1070#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1071/** The size of the windows XP PEB structure. */
1072#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1073
1074#if 0
1075typedef struct _NT_TIB
1076{
1077 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1078 PVOID StackBase;
1079 PVOID StackLimit;
1080 PVOID SubSystemTib;
1081 union
1082 {
1083 PVOID FiberData;
1084 ULONG Version;
1085 };
1086 PVOID ArbitraryUserPointer;
1087 struct _NT_TIB *Self;
1088} NT_TIB;
1089typedef NT_TIB *PNT_TIB;
1090#endif
1091
1092typedef struct _ACTIVATION_CONTEXT_STACK
1093{
1094 uint32_t Flags;
1095 uint32_t NextCookieSequenceNumber;
1096 PVOID ActiveFrame;
1097 LIST_ENTRY FrameListCache;
1098} ACTIVATION_CONTEXT_STACK;
1099
1100/* Common TEB. */
1101typedef struct _TEB_COMMON
1102{
1103 NT_TIB NtTib; /**< 0x000 / 0x000 */
1104 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
1105 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
1106 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
1107 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
1108 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
1109 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
1110 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
1111 PVOID CsrClientThread; /**< 0x070 / 0x03c */
1112 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
1113 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
1114 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
1115 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
1116 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
1117 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
1118 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
1119 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
1120#if ARCH_BITS == 64
1121 uint32_t Padding0; /**< 0x2c4 / NA */
1122#endif
1123 union
1124 {
1125 struct
1126 {
1127 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
1128 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1129 } W52, W6, W7, W8, W80, W81;
1130#if ARCH_BITS == 32
1131 struct
1132 {
1133 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1134 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1135 } W51;
1136#endif
1137 } Diff0;
1138 union
1139 {
1140 struct
1141 {
1142 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1143 } W6, W7, W8, W80, W81;
1144 struct
1145 {
1146 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1147 } W52;
1148 } Diff1;
1149#if ARCH_BITS == 64
1150 uint32_t Padding1; /**< 0x2ec / NA */
1151#endif
1152 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1153 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1154 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1155 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1156 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1157 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1158 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1159 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1160 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1161 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1162 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1163 PVOID glSection; /**< 0x1230 / 0xbe4 */
1164 PVOID glTable; /**< 0x1238 / 0xbe8 */
1165 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1166 PVOID glContext; /**< 0x1248 / 0xbf0 */
1167 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1168#if ARCH_BITS == 64
1169 uint32_t Padding2; /**< 0x1254 / NA */
1170#endif
1171 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1172 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1173#if ARCH_BITS == 64
1174 WCHAR Padding3[3]; /**< 0x1472 / NA */
1175#endif
1176 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1177 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1178 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1179 PVOID Vdm; /**< 0x1690 / 0xf18 */
1180 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1181 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1182 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1183#if ARCH_BITS == 64
1184 uint32_t Padding4; /**< 0x16b4 / NA */
1185#endif
1186 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1187 union
1188 {
1189 struct
1190 {
1191 GUID ActivityId; /**< 0x1710 / 0xf50 */
1192 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1193 } W6, W7, W8, W80, W81;
1194 struct
1195 {
1196 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1197 } W52;
1198 } Diff2;
1199 union /**< 0x1728 / 0xf64 */
1200 {
1201 struct
1202 {
1203 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1204 } W8, W80, W81;
1205 struct
1206 {
1207 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1208 } W7, W6;
1209 struct
1210 {
1211 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1212 } W52;
1213 struct
1214 {
1215 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1216 } W51;
1217 } Diff3;
1218 union
1219 {
1220 struct
1221 {
1222 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1223 } W52, W6, W7, W8, W80, W81;
1224 struct
1225 {
1226 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1227 } W51;
1228 } Diff4;
1229 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1230 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1231 union
1232 {
1233 union
1234 {
1235 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1236 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1237 struct
1238 {
1239 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1240 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1241 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1242 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1243 };
1244 } W6, W7, W8, W80, W81;
1245 struct
1246 {
1247 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1248 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1249 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1250 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1251 } W51, W52;
1252 } Diff5;
1253 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1254#if ARCH_BITS == 64
1255 uint32_t Padding5; /**< 0x174c / NA */
1256#endif
1257 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1258 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1259 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1260#if ARCH_BITS == 64
1261 uint32_t Padding6; /**< 0x1764 / NA */
1262#endif
1263 union /**< 0x1770 / 0xf8c */
1264 {
1265 struct
1266 {
1267 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1268 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1269 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1270 } W8, W80, W81;
1271 struct
1272 {
1273 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1274 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1275 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1276 } W6, W7;
1277 struct
1278 {
1279 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1280 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1281 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1282 } W52;
1283#if ARCH_BITS == 32
1284 struct _Wx86ThreadState
1285 {
1286 PVOID CallBx86Eip; /**< NA / 0xf88 */
1287 PVOID DeallocationCpu; /**< NA / 0xf8c */
1288 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1289 int8_t OleStubInvoked; /**< NA / 0xf91 */
1290 } W51;
1291#endif
1292 } Diff6;
1293 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1294#if ARCH_BITS == 64
1295 PVOID DallocationBStore; /**< 0x1788 / NA */
1296 PVOID BStoreLimit; /**< 0x1790 / NA */
1297#endif
1298 union
1299 {
1300 struct
1301 {
1302 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1303 } W7, W8, W80, W81;
1304 struct
1305 {
1306 uint32_t ImpersonationLocale;
1307 } W6;
1308 } Diff7;
1309 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1310 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1311 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1312 union /**< 0x17b0 / 0xfa8 */
1313 {
1314 struct
1315 {
1316 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1317 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1318 } W8, W80, W81;
1319 struct
1320 {
1321 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1322 } W7;
1323 } Diff8;
1324#if ARCH_BITS == 64
1325 uint32_t Padding7; /**< 0x17b4 / NA */
1326#endif
1327 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1328 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1329 /* End of TEB in W51 (Windows XP)! */
1330 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1331 union
1332 {
1333 struct
1334 {
1335 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1336 } W6, W7, W8, W80, W81;
1337 struct
1338 {
1339 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1340 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1341 /* End of TEB in W52 (Windows server 2003)! */
1342 } W52;
1343 } Diff9;
1344 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1345 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1346 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1347 union
1348 {
1349 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1350 struct
1351 {
1352 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1353 };
1354 };
1355 union
1356 {
1357 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1358 struct
1359 {
1360 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1361 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1362 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1363 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1364 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1365 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1366 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1367 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1368 } Common;
1369 struct
1370 {
1371 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1372 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1373 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1374 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1375 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1376 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1377 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1378 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1379 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1380 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1381 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1382 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1383 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1384 } W8, W80, W81;
1385 struct
1386 {
1387 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1388 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1389 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1390 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1391 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1392 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1393 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1394 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1395 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1396 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1397 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1398 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1399 } W7;
1400 struct
1401 {
1402 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1403 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1404 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1405 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1406 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1407 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1408 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1409 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1410 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1411 } W6;
1412 } Diff10;
1413 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1414 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1415 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1416 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1417 union
1418 {
1419 struct
1420 {
1421 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1422 } W7, W8, W80, W81;
1423 struct
1424 {
1425 uint32_t ProcessRundown;
1426 } W6;
1427 } Diff11;
1428 union
1429 {
1430 struct
1431 {
1432 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1433 /* End of TEB in W7 (windows 7)! */
1434 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1435 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1436 PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
1437 RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
1438 /* End of TEB in W10 14393! */
1439 } W8, W80, W81, W10;
1440 struct
1441 {
1442 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1443 } W7;
1444 struct
1445 {
1446 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1447 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1448 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1449 /* End of TEB in W6 (windows Vista)! */
1450 } W6;
1451 } Diff12;
1452} TEB_COMMON;
1453typedef TEB_COMMON *PTEB_COMMON;
1454AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1455AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1456AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1457AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1458AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1459AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1460AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1461AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1462AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1463AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1464AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1465AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1466AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1467
1468
1469/** The size of the windows 8.1 PEB structure. */
1470#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1471/** The size of the windows 8.1 PEB structure. */
1472#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1473/** The size of the windows 8.0 PEB structure. */
1474#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1475/** The size of the windows 7 PEB structure. */
1476#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1477/** The size of the windows vista PEB structure. */
1478#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1479/** The size of the windows server 2003 PEB structure. */
1480#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1481/** The size of the windows XP PEB structure. */
1482#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1483
1484
1485
1486#define _PEB _PEB_COMMON
1487typedef PEB_COMMON PEB;
1488typedef PPEB_COMMON PPEB;
1489
1490#define _TEB _TEB_COMMON
1491typedef TEB_COMMON TEB;
1492typedef PTEB_COMMON PTEB;
1493
1494#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1495# ifdef RT_ARCH_X86
1496DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1497DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1498DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1499DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1500DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1501# elif defined(RT_ARCH_AMD64)
1502DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1503DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1504DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1505DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1506DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1507# else
1508# error "Port me"
1509# endif
1510#else
1511# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1512# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1513# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1514# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1515# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1516#endif
1517#define NtCurrentPeb() RTNtCurrentPeb()
1518
1519
1520/** @} */
1521
1522
1523#ifdef IPRT_NT_USE_WINTERNL
1524NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1525typedef enum _SECTION_INHERIT
1526{
1527 ViewShare = 1,
1528 ViewUnmap
1529} SECTION_INHERIT;
1530#endif
1531NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1532 ULONG, ULONG);
1533NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1534NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1535
1536#ifdef IPRT_NT_USE_WINTERNL
1537typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1538{
1539 ULONG FileSystemAttributes;
1540 LONG MaximumComponentNameLength;
1541 ULONG FileSystemNameLength;
1542 WCHAR FileSystemName[1];
1543} FILE_FS_ATTRIBUTE_INFORMATION;
1544typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1545
1546#endif
1547NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1548NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1549NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1550NTSYSAPI NTSTATUS NTAPI ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1551NTSYSAPI NTSTATUS NTAPI NtAlertThread(HANDLE hThread);
1552#ifdef IPRT_NT_USE_WINTERNL
1553NTSYSAPI NTSTATUS NTAPI ZwAlertThread(HANDLE hThread);
1554#endif
1555
1556#ifdef IPRT_NT_USE_WINTERNL
1557NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1558NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1559#endif
1560NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1561NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1562
1563#ifdef IPRT_NT_USE_WINTERNL
1564typedef enum _FSINFOCLASS
1565{
1566 FileFsVolumeInformation = 1,
1567 FileFsLabelInformation,
1568 FileFsSizeInformation,
1569 FileFsDeviceInformation,
1570 FileFsAttributeInformation,
1571 FileFsControlInformation,
1572 FileFsFullSizeInformation,
1573 FileFsObjectIdInformation,
1574 FileFsDriverPathInformation,
1575 FileFsVolumeFlagsInformation,
1576 FileFsSectorSizeInformation,
1577 FileFsDataCopyInformation,
1578 FileFsMaximumInformation
1579} FS_INFORMATION_CLASS;
1580typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1581NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1582
1583typedef struct _FILE_BOTH_DIR_INFORMATION
1584{
1585 ULONG NextEntryOffset; /**< 0x00: */
1586 ULONG FileIndex; /**< 0x04: */
1587 LARGE_INTEGER CreationTime; /**< 0x08: */
1588 LARGE_INTEGER LastAccessTime; /**< 0x10: */
1589 LARGE_INTEGER LastWriteTime; /**< 0x18: */
1590 LARGE_INTEGER ChangeTime; /**< 0x20: */
1591 LARGE_INTEGER EndOfFile; /**< 0x28: */
1592 LARGE_INTEGER AllocationSize; /**< 0x30: */
1593 ULONG FileAttributes; /**< 0x38: */
1594 ULONG FileNameLength; /**< 0x3c: */
1595 ULONG EaSize; /**< 0x40: */
1596 CCHAR ShortNameLength; /**< 0x44: */
1597 WCHAR ShortName[12]; /**< 0x46: */
1598 WCHAR FileName[1]; /**< 0x5e: */
1599} FILE_BOTH_DIR_INFORMATION;
1600typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1601typedef struct _FILE_BASIC_INFORMATION
1602{
1603 LARGE_INTEGER CreationTime;
1604 LARGE_INTEGER LastAccessTime;
1605 LARGE_INTEGER LastWriteTime;
1606 LARGE_INTEGER ChangeTime;
1607 ULONG FileAttributes;
1608} FILE_BASIC_INFORMATION;
1609typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1610typedef struct _FILE_STANDARD_INFORMATION
1611{
1612 LARGE_INTEGER AllocationSize;
1613 LARGE_INTEGER EndOfFile;
1614 ULONG NumberOfLinks;
1615 BOOLEAN DeletePending;
1616 BOOLEAN Directory;
1617} FILE_STANDARD_INFORMATION;
1618typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1619typedef struct _FILE_NAME_INFORMATION
1620{
1621 ULONG FileNameLength;
1622 WCHAR FileName[1];
1623} FILE_NAME_INFORMATION;
1624typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1625typedef struct _FILE_NETWORK_OPEN_INFORMATION
1626{
1627 LARGE_INTEGER CreationTime;
1628 LARGE_INTEGER LastAccessTime;
1629 LARGE_INTEGER LastWriteTime;
1630 LARGE_INTEGER ChangeTime;
1631 LARGE_INTEGER AllocationSize;
1632 LARGE_INTEGER EndOfFile;
1633 ULONG FileAttributes;
1634} FILE_NETWORK_OPEN_INFORMATION;
1635typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1636typedef enum _FILE_INFORMATION_CLASS
1637{
1638 FileDirectoryInformation = 1,
1639 FileFullDirectoryInformation,
1640 FileBothDirectoryInformation,
1641 FileBasicInformation,
1642 FileStandardInformation,
1643 FileInternalInformation,
1644 FileEaInformation,
1645 FileAccessInformation,
1646 FileNameInformation,
1647 FileRenameInformation,
1648 FileLinkInformation,
1649 FileNamesInformation,
1650 FileDispositionInformation,
1651 FilePositionInformation,
1652 FileFullEaInformation,
1653 FileModeInformation,
1654 FileAlignmentInformation,
1655 FileAllInformation,
1656 FileAllocationInformation,
1657 FileEndOfFileInformation,
1658 FileAlternateNameInformation,
1659 FileStreamInformation,
1660 FilePipeInformation,
1661 FilePipeLocalInformation,
1662 FilePipeRemoteInformation,
1663 FileMailslotQueryInformation,
1664 FileMailslotSetInformation,
1665 FileCompressionInformation,
1666 FileObjectIdInformation,
1667 FileCompletionInformation,
1668 FileMoveClusterInformation,
1669 FileQuotaInformation,
1670 FileReparsePointInformation,
1671 FileNetworkOpenInformation,
1672 FileAttributeTagInformation,
1673 FileTrackingInformation,
1674 FileIdBothDirectoryInformation,
1675 FileIdFullDirectoryInformation,
1676 FileValidDataLengthInformation,
1677 FileShortNameInformation,
1678 FileIoCompletionNotificationInformation,
1679 FileIoStatusBlockRangeInformation,
1680 FileIoPriorityHintInformation,
1681 FileSfioReserveInformation,
1682 FileSfioVolumeInformation,
1683 FileHardLinkInformation,
1684 FileProcessIdsUsingFileInformation,
1685 FileNormalizedNameInformation,
1686 FileNetworkPhysicalNameInformation,
1687 FileIdGlobalTxDirectoryInformation,
1688 FileIsRemoteDeviceInformation,
1689 FileUnusedInformation,
1690 FileNumaNodeInformation,
1691 FileStandardLinkInformation,
1692 FileRemoteProtocolInformation,
1693 FileRenameInformationBypassAccessCheck,
1694 FileLinkInformationBypassAccessCheck,
1695 FileVolumeNameInformation,
1696 FileIdInformation,
1697 FileIdExtdDirectoryInformation,
1698 FileReplaceCompletionInformation,
1699 FileHardLinkFullIdInformation,
1700 FileMaximumInformation
1701} FILE_INFORMATION_CLASS;
1702typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1703NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1704NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1705 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1706NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1707#endif /* IPRT_NT_USE_WINTERNL */
1708NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1709NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1710
1711
1712/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
1713 * @{ */
1714#ifndef SE_GROUP_MANDATORY
1715# define SE_GROUP_MANDATORY UINT32_C(0x01)
1716#endif
1717#ifndef SE_GROUP_ENABLED_BY_DEFAULT
1718# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
1719#endif
1720#ifndef SE_GROUP_ENABLED
1721# define SE_GROUP_ENABLED UINT32_C(0x04)
1722#endif
1723#ifndef SE_GROUP_OWNER
1724# define SE_GROUP_OWNER UINT32_C(0x08)
1725#endif
1726#ifndef SE_GROUP_USE_FOR_DENY_ONLY
1727# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
1728#endif
1729#ifndef SE_GROUP_INTEGRITY
1730# define SE_GROUP_INTEGRITY UINT32_C(0x20)
1731#endif
1732#ifndef SE_GROUP_INTEGRITY_ENABLED
1733# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
1734#endif
1735#ifndef SE_GROUP_RESOURCE
1736# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
1737#endif
1738#ifndef SE_GROUP_LOGON_ID
1739# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
1740#endif
1741/** @} */
1742
1743
1744#ifdef IPRT_NT_USE_WINTERNL
1745
1746/** For use with KeyBasicInformation. */
1747typedef struct _KEY_BASIC_INFORMATION
1748{
1749 LARGE_INTEGER LastWriteTime;
1750 ULONG TitleIndex;
1751 ULONG NameLength;
1752 WCHAR Name[1];
1753} KEY_BASIC_INFORMATION;
1754typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1755
1756/** For use with KeyNodeInformation. */
1757typedef struct _KEY_NODE_INFORMATION
1758{
1759 LARGE_INTEGER LastWriteTime;
1760 ULONG TitleIndex;
1761 ULONG ClassOffset; /**< Offset from the start of the structure. */
1762 ULONG ClassLength;
1763 ULONG NameLength;
1764 WCHAR Name[1];
1765} KEY_NODE_INFORMATION;
1766typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1767
1768/** For use with KeyFullInformation. */
1769typedef struct _KEY_FULL_INFORMATION
1770{
1771 LARGE_INTEGER LastWriteTime;
1772 ULONG TitleIndex;
1773 ULONG ClassOffset; /**< Offset of the Class member. */
1774 ULONG ClassLength;
1775 ULONG SubKeys;
1776 ULONG MaxNameLen;
1777 ULONG MaxClassLen;
1778 ULONG Values;
1779 ULONG MaxValueNameLen;
1780 ULONG MaxValueDataLen;
1781 WCHAR Class[1];
1782} KEY_FULL_INFORMATION;
1783typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1784
1785/** For use with KeyNameInformation. */
1786typedef struct _KEY_NAME_INFORMATION
1787{
1788 ULONG NameLength;
1789 WCHAR Name[1];
1790} KEY_NAME_INFORMATION;
1791typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1792
1793/** For use with KeyCachedInformation. */
1794typedef struct _KEY_CACHED_INFORMATION
1795{
1796 LARGE_INTEGER LastWriteTime;
1797 ULONG TitleIndex;
1798 ULONG SubKeys;
1799 ULONG MaxNameLen;
1800 ULONG Values;
1801 ULONG MaxValueNameLen;
1802 ULONG MaxValueDataLen;
1803 ULONG NameLength;
1804} KEY_CACHED_INFORMATION;
1805typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1806
1807/** For use with KeyVirtualizationInformation. */
1808typedef struct _KEY_VIRTUALIZATION_INFORMATION
1809{
1810 ULONG VirtualizationCandidate : 1;
1811 ULONG VirtualizationEnabled : 1;
1812 ULONG VirtualTarget : 1;
1813 ULONG VirtualStore : 1;
1814 ULONG VirtualSource : 1;
1815 ULONG Reserved : 27;
1816} KEY_VIRTUALIZATION_INFORMATION;
1817typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1818
1819typedef enum _KEY_INFORMATION_CLASS
1820{
1821 KeyBasicInformation = 0,
1822 KeyNodeInformation,
1823 KeyFullInformation,
1824 KeyNameInformation,
1825 KeyCachedInformation,
1826 KeyFlagsInformation,
1827 KeyVirtualizationInformation,
1828 KeyHandleTagsInformation,
1829 MaxKeyInfoClass
1830} KEY_INFORMATION_CLASS;
1831NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1832NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1833
1834typedef struct _MEMORY_SECTION_NAME
1835{
1836 UNICODE_STRING SectionFileName;
1837 WCHAR NameBuffer[1];
1838} MEMORY_SECTION_NAME;
1839
1840#ifdef IPRT_NT_USE_WINTERNL
1841typedef struct _PROCESS_BASIC_INFORMATION
1842{
1843 NTSTATUS ExitStatus;
1844 PPEB PebBaseAddress;
1845 ULONG_PTR AffinityMask;
1846 int32_t BasePriority;
1847 ULONG_PTR UniqueProcessId;
1848 ULONG_PTR InheritedFromUniqueProcessId;
1849} PROCESS_BASIC_INFORMATION;
1850typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1851#endif
1852
1853typedef enum _PROCESSINFOCLASS
1854{
1855 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1856 ProcessQuotaLimits, /**< 1 / 0x01 */
1857 ProcessIoCounters, /**< 2 / 0x02 */
1858 ProcessVmCounters, /**< 3 / 0x03 */
1859 ProcessTimes, /**< 4 / 0x04 */
1860 ProcessBasePriority, /**< 5 / 0x05 */
1861 ProcessRaisePriority, /**< 6 / 0x06 */
1862 ProcessDebugPort, /**< 7 / 0x07 */
1863 ProcessExceptionPort, /**< 8 / 0x08 */
1864 ProcessAccessToken, /**< 9 / 0x09 */
1865 ProcessLdtInformation, /**< 10 / 0x0a */
1866 ProcessLdtSize, /**< 11 / 0x0b */
1867 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1868 ProcessIoPortHandlers, /**< 13 / 0x0d */
1869 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1870 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1871 ProcessUserModeIOPL, /**< 16 / 0x10 */
1872 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1873 ProcessPriorityClass, /**< 18 / 0x12 */
1874 ProcessWx86Information, /**< 19 / 0x13 */
1875 ProcessHandleCount, /**< 20 / 0x14 */
1876 ProcessAffinityMask, /**< 21 / 0x15 */
1877 ProcessPriorityBoost, /**< 22 / 0x16 */
1878 ProcessDeviceMap, /**< 23 / 0x17 */
1879 ProcessSessionInformation, /**< 24 / 0x18 */
1880 ProcessForegroundInformation, /**< 25 / 0x19 */
1881 ProcessWow64Information, /**< 26 / 0x1a */
1882 ProcessImageFileName, /**< 27 / 0x1b */
1883 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1884 ProcessBreakOnTermination, /**< 29 / 0x1d */
1885 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1886 ProcessDebugFlags, /**< 31 / 0x1f */
1887 ProcessHandleTracing, /**< 32 / 0x20 */
1888 ProcessIoPriority, /**< 33 / 0x21 */
1889 ProcessExecuteFlags, /**< 34 / 0x22 */
1890 ProcessTlsInformation, /**< 35 / 0x23 */
1891 ProcessCookie, /**< 36 / 0x24 */
1892 ProcessImageInformation, /**< 37 / 0x25 */
1893 ProcessCycleTime, /**< 38 / 0x26 */
1894 ProcessPagePriority, /**< 39 / 0x27 */
1895 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
1896 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1897 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1898 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1899 ProcessImageFileMapping, /**< 44 / 0x2c */
1900 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1901 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1902 ProcessGroupInformation, /**< 47 / 0x2f */
1903 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1904 ProcessOwnerInformation, /**< 49 / 0x31 */
1905 ProcessWindowInformation, /**< 50 / 0x32 */
1906 ProcessHandleInformation, /**< 51 / 0x33 */
1907 ProcessMitigationPolicy, /**< 52 / 0x34 */
1908 ProcessDynamicFunctionTableInformation, /**< 53 / 0x35 */
1909 ProcessHandleCheckingMode, /**< 54 / 0x36 */
1910 ProcessKeepAliveCount, /**< 55 / 0x37 */
1911 ProcessRevokeFileHandles, /**< 56 / 0x38 */
1912 ProcessWorkingSetControl, /**< 57 / 0x39 */
1913 ProcessHandleTable, /**< 58 / 0x3a */
1914 ProcessCheckStackExtentsMode, /**< 59 / 0x3b */
1915 ProcessCommandLineInformation, /**< 60 / 0x3c */
1916 ProcessProtectionInformation, /**< 61 / 0x3d */
1917 ProcessMemoryExhaustion, /**< 62 / 0x3e */
1918 ProcessFaultInformation, /**< 63 / 0x3f */
1919 ProcessTelemetryIdInformation, /**< 64 / 0x40 */
1920 ProcessCommitReleaseInformation, /**< 65 / 0x41 */
1921 ProcessDefaultCpuSetsInformation, /**< 66 / 0x42 - aka ProcessReserved1Information */
1922 ProcessAllowedCpuSetsInformation, /**< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 */
1923 ProcessSubsystemProcess, /**< 68 / 0x44 */
1924 ProcessJobMemoryInformation, /**< 69 / 0x45 */
1925 ProcessInPrivate, /**< 70 / 0x46 */
1926 ProcessRaiseUMExceptionOnInvalidHandleClose,/**< 71 / 0x47 */
1927 ProcessIumChallengeResponse, /**< 72 / 0x48 */
1928 ProcessChildProcessInformation, /**< 73 / 0x49 */
1929 ProcessHighGraphicsPriorityInformation, /**< 74 / 0x4a */
1930 ProcessSubsystemInformation, /**< 75 / 0x4b */
1931 ProcessEnergyValues, /**< 76 / 0x4c */
1932 ProcessPowerThrottlingState, /**< 77 / 0x4d */
1933 ProcessReserved3Information, /**< 78 / 0x4e */
1934 ProcessWin32kSyscallFilterInformation, /**< 79 / 0x4f */
1935 ProcessDisableSystemAllowedCpuSets, /**< 80 / 0x50 */
1936 ProcessWakeInformation, /**< 81 / 0x51 */
1937 ProcessEnergyTrackingState, /**< 82 / 0x52 */
1938 ProcessManageWritesToExecutableMemory, /**< 83 / 0x53 */
1939 ProcessCaptureTrustletLiveDump, /**< 84 / 0x54 */
1940 ProcessTelemetryCoverage, /**< 85 / 0x55 */
1941 ProcessEnclaveInformation, /**< 86 / 0x56 */
1942 ProcessEnableReadWriteVmLogging, /**< 87 / 0x57 */
1943 ProcessUptimeInformation, /**< 88 / 0x58 */
1944 ProcessImageSection, /**< 89 / 0x59 */
1945 ProcessDebugAuthInformation, /**< 90 / 0x5a */
1946 ProcessSystemResourceManagement, /**< 92 / 0x5b */
1947 ProcessSequenceNumber, /**< 93 / 0x5c */
1948 MaxProcessInfoClass
1949} PROCESSINFOCLASS;
1950AssertCompile(ProcessSequenceNumber == 0x5c);
1951NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1952#if ARCH_BITS == 32
1953/** 64-bit API pass thru to WOW64 processes. */
1954NTSYSAPI NTSTATUS NTAPI NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1955#endif
1956
1957typedef enum _THREADINFOCLASS
1958{
1959 ThreadBasicInformation = 0,
1960 ThreadTimes,
1961 ThreadPriority,
1962 ThreadBasePriority,
1963 ThreadAffinityMask,
1964 ThreadImpersonationToken,
1965 ThreadDescriptorTableEntry,
1966 ThreadEnableAlignmentFaultFixup,
1967 ThreadEventPair_Reusable,
1968 ThreadQuerySetWin32StartAddress,
1969 ThreadZeroTlsCell,
1970 ThreadPerformanceCount,
1971 ThreadAmILastThread,
1972 ThreadIdealProcessor,
1973 ThreadPriorityBoost,
1974 ThreadSetTlsArrayAddress,
1975 ThreadIsIoPending,
1976 ThreadHideFromDebugger,
1977 ThreadBreakOnTermination,
1978 ThreadSwitchLegacyState,
1979 ThreadIsTerminated,
1980 ThreadLastSystemCall,
1981 ThreadIoPriority,
1982 ThreadCycleTime,
1983 ThreadPagePriority,
1984 ThreadActualBasePriority,
1985 ThreadTebInformation,
1986 ThreadCSwitchMon,
1987 ThreadCSwitchPmu,
1988 ThreadWow64Context,
1989 ThreadGroupInformation,
1990 ThreadUmsInformation,
1991 ThreadCounterProfiling,
1992 ThreadIdealProcessorEx,
1993 ThreadCpuAccountingInformation,
1994 MaxThreadInfoClass
1995} THREADINFOCLASS;
1996NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1997
1998NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1999NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2000
2001NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2002NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2003NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2004NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2005
2006NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2007NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2008
2009NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2010NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
2011NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
2012NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2013NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
2014NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
2015NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2016NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2017NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
2018
2019#endif /* IPRT_NT_USE_WINTERNL */
2020
2021/** For use with ObjectHandleFlagInformation. */
2022typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2023{
2024 BOOLEAN Inherit;
2025 BOOLEAN ProtectFromClose;
2026} OBJECT_HANDLE_FLAG_INFORMATION;
2027typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2028
2029typedef enum _OBJECT_INFORMATION_CLASS
2030{
2031 ObjectBasicInformation = 0,
2032 ObjectNameInformation,
2033 ObjectTypeInformation,
2034 ObjectAllInformation,
2035 ObjectHandleFlagInformation,
2036 ObjectSessionInformation,
2037 MaxObjectInfoClass
2038} OBJECT_INFORMATION_CLASS;
2039typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2040#ifdef IN_RING0
2041# define NtQueryObject ZwQueryObject
2042#endif
2043NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2044NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2045NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2046
2047NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2048
2049typedef struct _OBJECT_DIRECTORY_INFORMATION
2050{
2051 UNICODE_STRING Name;
2052 UNICODE_STRING TypeName;
2053} OBJECT_DIRECTORY_INFORMATION;
2054typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2055NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2056
2057NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
2058NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
2059/** @name ProcessDefaultHardErrorMode bit definitions.
2060 * @{ */
2061#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
2062#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2063#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2064#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2065/** @} */
2066NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2067NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
2068
2069/** Retured by ProcessImageInformation as well as NtQuerySection. */
2070typedef struct _SECTION_IMAGE_INFORMATION
2071{
2072 PVOID TransferAddress;
2073 ULONG ZeroBits;
2074 SIZE_T MaximumStackSize;
2075 SIZE_T CommittedStackSize;
2076 ULONG SubSystemType;
2077 union
2078 {
2079 struct
2080 {
2081 USHORT SubSystemMinorVersion;
2082 USHORT SubSystemMajorVersion;
2083 };
2084 ULONG SubSystemVersion;
2085 };
2086 ULONG GpValue;
2087 USHORT ImageCharacteristics;
2088 USHORT DllCharacteristics;
2089 USHORT Machine;
2090 BOOLEAN ImageContainsCode;
2091 union /**< Since Vista, used to be a spare BOOLEAN. */
2092 {
2093 struct
2094 {
2095 UCHAR ComPlusNativeRead : 1;
2096 UCHAR ComPlusILOnly : 1;
2097 UCHAR ImageDynamicallyRelocated : 1;
2098 UCHAR ImageMAppedFlat : 1;
2099 UCHAR Reserved : 4;
2100 };
2101 UCHAR ImageFlags;
2102 };
2103 ULONG LoaderFlags;
2104 ULONG ImageFileSize; /**< Since XP? */
2105 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
2106} SECTION_IMAGE_INFORMATION;
2107typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2108
2109typedef enum _SECTION_INFORMATION_CLASS
2110{
2111 SectionBasicInformation = 0,
2112 SectionImageInformation,
2113 MaxSectionInfoClass
2114} SECTION_INFORMATION_CLASS;
2115NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2116
2117NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2118NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2119NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2120#ifndef SYMBOLIC_LINK_QUERY
2121# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2122#endif
2123#ifndef SYMBOLIC_LINK_ALL_ACCESS
2124# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
2125#endif
2126
2127NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2128NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
2129NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
2130NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
2131NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
2132NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2133NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(void);
2134
2135
2136#ifndef SEC_FILE
2137# define SEC_FILE UINT32_C(0x00800000)
2138#endif
2139#ifndef SEC_IMAGE
2140# define SEC_IMAGE UINT32_C(0x01000000)
2141#endif
2142#ifndef SEC_PROTECTED_IMAGE
2143# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2144#endif
2145#ifndef SEC_NOCACHE
2146# define SEC_NOCACHE UINT32_C(0x10000000)
2147#endif
2148#ifndef MEM_ROTATE
2149# define MEM_ROTATE UINT32_C(0x00800000)
2150#endif
2151typedef enum _MEMORY_INFORMATION_CLASS
2152{
2153 MemoryBasicInformation = 0,
2154 MemoryWorkingSetList,
2155 MemorySectionName,
2156 MemoryBasicVlmInformation
2157} MEMORY_INFORMATION_CLASS;
2158#ifdef IN_RING0
2159typedef struct _MEMORY_BASIC_INFORMATION
2160{
2161 PVOID BaseAddress;
2162 PVOID AllocationBase;
2163 ULONG AllocationProtect;
2164 SIZE_T RegionSize;
2165 ULONG State;
2166 ULONG Protect;
2167 ULONG Type;
2168} MEMORY_BASIC_INFORMATION;
2169typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2170# define NtQueryVirtualMemory ZwQueryVirtualMemory
2171#endif
2172NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2173#ifdef IPRT_NT_USE_WINTERNL
2174NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2175#endif
2176NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2177NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2178
2179typedef enum _SYSTEM_INFORMATION_CLASS
2180{
2181 SystemBasicInformation = 0,
2182 SystemCpuInformation,
2183 SystemPerformanceInformation,
2184 SystemTimeOfDayInformation,
2185 SystemInformation_Unknown_4,
2186 SystemProcessInformation,
2187 SystemInformation_Unknown_6,
2188 SystemInformation_Unknown_7,
2189 SystemProcessorPerformanceInformation,
2190 SystemInformation_Unknown_9,
2191 SystemInformation_Unknown_10,
2192 SystemModuleInformation,
2193 SystemInformation_Unknown_12,
2194 SystemInformation_Unknown_13,
2195 SystemInformation_Unknown_14,
2196 SystemInformation_Unknown_15,
2197 SystemHandleInformation,
2198 SystemInformation_Unknown_17,
2199 SystemPageFileInformation,
2200 SystemInformation_Unknown_19,
2201 SystemInformation_Unknown_20,
2202 SystemCacheInformation,
2203 SystemInformation_Unknown_22,
2204 SystemInterruptInformation,
2205 SystemDpcBehaviourInformation,
2206 SystemFullMemoryInformation,
2207 SystemLoadGdiDriverInformation, /* 26 */
2208 SystemUnloadGdiDriverInformation, /* 27 */
2209 SystemTimeAdjustmentInformation,
2210 SystemSummaryMemoryInformation,
2211 SystemInformation_Unknown_30,
2212 SystemInformation_Unknown_31,
2213 SystemInformation_Unknown_32,
2214 SystemExceptionInformation,
2215 SystemCrashDumpStateInformation,
2216 SystemKernelDebuggerInformation,
2217 SystemContextSwitchInformation,
2218 SystemRegistryQuotaInformation,
2219 SystemInformation_Unknown_38,
2220 SystemInformation_Unknown_39,
2221 SystemInformation_Unknown_40,
2222 SystemInformation_Unknown_41,
2223 SystemInformation_Unknown_42,
2224 SystemInformation_Unknown_43,
2225 SystemCurrentTimeZoneInformation,
2226 SystemLookasideInformation,
2227 SystemSetTimeSlipEvent,
2228 SystemCreateSession,
2229 SystemDeleteSession,
2230 SystemInformation_Unknown_49,
2231 SystemRangeStartInformation,
2232 SystemVerifierInformation,
2233 SystemInformation_Unknown_52,
2234 SystemSessionProcessInformation,
2235 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2236 SystemInformation_Unknown_55,
2237 SystemInformation_Unknown_56,
2238 SystemExtendedProcessInformation,
2239 SystemInformation_Unknown_58,
2240 SystemInformation_Unknown_59,
2241 SystemInformation_Unknown_60,
2242 SystemInformation_Unknown_61,
2243 SystemInformation_Unknown_62,
2244 SystemInformation_Unknown_63,
2245 SystemExtendedHandleInformation, /* 64 */
2246 SystemInformation_Unknown_65,
2247 SystemInformation_Unknown_66,
2248 SystemInformation_Unknown_67,
2249 SystemInformation_Unknown_68,
2250 SystemInformation_HotPatchInfo, /* 69 */
2251 SystemInformation_Unknown_70,
2252 SystemInformation_Unknown_71,
2253 SystemInformation_Unknown_72,
2254 SystemInformation_Unknown_73,
2255 SystemInformation_Unknown_74,
2256 SystemInformation_Unknown_75,
2257 SystemInformation_Unknown_76,
2258 SystemInformation_Unknown_77,
2259 SystemInformation_Unknown_78,
2260 SystemInformation_Unknown_79,
2261 SystemInformation_Unknown_80,
2262 SystemInformation_Unknown_81,
2263 SystemInformation_Unknown_82,
2264 SystemInformation_Unknown_83,
2265 SystemInformation_Unknown_84,
2266 SystemInformation_Unknown_85,
2267 SystemInformation_Unknown_86,
2268 SystemInformation_Unknown_87,
2269 SystemInformation_Unknown_88,
2270 SystemInformation_Unknown_89,
2271 SystemInformation_Unknown_90,
2272 SystemInformation_Unknown_91,
2273 SystemInformation_Unknown_92,
2274 SystemInformation_Unknown_93,
2275 SystemInformation_Unknown_94,
2276 SystemInformation_Unknown_95,
2277 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2278 SystemInformation_Unknown_97,
2279 SystemInformation_Unknown_98,
2280 SystemInformation_Unknown_99,
2281 SystemInformation_Unknown_100,
2282 SystemInformation_Unknown_101,
2283 SystemInformation_Unknown_102,
2284 SystemInformation_Unknown_103,
2285 SystemInformation_Unknown_104,
2286 SystemInformation_Unknown_105,
2287 SystemInformation_Unknown_107,
2288 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2289
2290 /** @todo fill gap. they've added a whole bunch of things */
2291 SystemPolicyInformation = 134,
2292 SystemInformationClassMax
2293} SYSTEM_INFORMATION_CLASS;
2294
2295#ifdef IPRT_NT_USE_WINTERNL
2296typedef struct _VM_COUNTERS
2297{
2298 SIZE_T PeakVirtualSize;
2299 SIZE_T VirtualSize;
2300 ULONG PageFaultCount;
2301 SIZE_T PeakWorkingSetSize;
2302 SIZE_T WorkingSetSize;
2303 SIZE_T QuotaPeakPagedPoolUsage;
2304 SIZE_T QuotaPagedPoolUsage;
2305 SIZE_T QuotaPeakNonPagedPoolUsage;
2306 SIZE_T QuotaNonPagedPoolUsage;
2307 SIZE_T PagefileUsage;
2308 SIZE_T PeakPagefileUsage;
2309} VM_COUNTERS;
2310typedef VM_COUNTERS *PVM_COUNTERS;
2311#endif
2312
2313#if 0
2314typedef struct _IO_COUNTERS
2315{
2316 ULONGLONG ReadOperationCount;
2317 ULONGLONG WriteOperationCount;
2318 ULONGLONG OtherOperationCount;
2319 ULONGLONG ReadTransferCount;
2320 ULONGLONG WriteTransferCount;
2321 ULONGLONG OtherTransferCount;
2322} IO_COUNTERS;
2323typedef IO_COUNTERS *PIO_COUNTERS;
2324#endif
2325
2326typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2327{
2328 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2329 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2330 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2331 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2332 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2333 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2334 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2335 int32_t BasePriority; /**< 0x40 / 0x48 */
2336 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2337 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2338 ULONG HandleCount; /**< 0x4c / 0x60 */
2339 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2340 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2341 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2342 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2343 /* After this follows the threads, then the ProcessName.Buffer. */
2344} RTNT_SYSTEM_PROCESS_INFORMATION;
2345typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2346#ifndef IPRT_NT_USE_WINTERNL
2347typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2348typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2349#endif
2350
2351typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2352{
2353 USHORT UniqueProcessId;
2354 USHORT CreatorBackTraceIndex;
2355 UCHAR ObjectTypeIndex;
2356 UCHAR HandleAttributes;
2357 USHORT HandleValue;
2358 PVOID Object;
2359 ULONG GrantedAccess;
2360} SYSTEM_HANDLE_ENTRY_INFO;
2361typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2362
2363/** Returned by SystemHandleInformation */
2364typedef struct _SYSTEM_HANDLE_INFORMATION
2365{
2366 ULONG NumberOfHandles;
2367 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2368} SYSTEM_HANDLE_INFORMATION;
2369typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2370
2371/** Extended handle information entry.
2372 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2373typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2374{
2375 PVOID Object;
2376 HANDLE UniqueProcessId;
2377 HANDLE HandleValue;
2378 ACCESS_MASK GrantedAccess;
2379 USHORT CreatorBackTraceIndex;
2380 USHORT ObjectTypeIndex;
2381 ULONG HandleAttributes;
2382 ULONG Reserved;
2383} SYSTEM_HANDLE_ENTRY_INFO_EX;
2384typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2385
2386/** Returned by SystemExtendedHandleInformation. */
2387typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2388{
2389 ULONG_PTR NumberOfHandles;
2390 ULONG_PTR Reserved;
2391 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2392} SYSTEM_HANDLE_INFORMATION_EX;
2393typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2394
2395/** Returned by SystemSessionProcessInformation. */
2396typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2397{
2398 ULONG SessionId;
2399 ULONG BufferLength;
2400 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2401 PVOID Buffer;
2402} SYSTEM_SESSION_PROCESS_INFORMATION;
2403typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2404
2405typedef struct _RTL_PROCESS_MODULE_INFORMATION
2406{
2407 HANDLE Section; /**< 0x00 / 0x00 */
2408 PVOID MappedBase; /**< 0x04 / 0x08 */
2409 PVOID ImageBase; /**< 0x08 / 0x10 */
2410 ULONG ImageSize; /**< 0x0c / 0x18 */
2411 ULONG Flags; /**< 0x10 / 0x1c */
2412 USHORT LoadOrderIndex; /**< 0x14 / 0x20 */
2413 USHORT InitOrderIndex; /**< 0x16 / 0x22 */
2414 USHORT LoadCount; /**< 0x18 / 0x24 */
2415 USHORT OffsetToFileName; /**< 0x1a / 0x26 */
2416 UCHAR FullPathName[256]; /**< 0x1c / 0x28 */
2417} RTL_PROCESS_MODULE_INFORMATION;
2418typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
2419
2420/** Returned by SystemModuleInformation. */
2421typedef struct _RTL_PROCESS_MODULES
2422{
2423 ULONG NumberOfModules;
2424 RTL_PROCESS_MODULE_INFORMATION Modules[1]; /**< 0x04 / 0x08 */
2425} RTL_PROCESS_MODULES;
2426typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
2427
2428NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2429#ifndef IPRT_NT_MAP_TO_ZW
2430NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2431#endif
2432
2433NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2434NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2435
2436NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2437NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2438#ifndef IPRT_NT_USE_WINTERNL
2439NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2440#endif
2441typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2442typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2443NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2444
2445NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2446
2447#ifdef IPRT_NT_USE_WINTERNL
2448typedef enum _EVENT_TYPE
2449{
2450 /* Manual reset event. */
2451 NotificationEvent = 0,
2452 /* Automaitc reset event. */
2453 SynchronizationEvent
2454} EVENT_TYPE;
2455#endif
2456NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2457NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2458typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2459NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2460NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2461NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2462typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2463typedef enum _EVENT_INFORMATION_CLASS
2464{
2465 EventBasicInformation = 0
2466} EVENT_INFORMATION_CLASS;
2467/** Data returned by NtQueryEvent + EventBasicInformation. */
2468typedef struct EVENT_BASIC_INFORMATION
2469{
2470 EVENT_TYPE EventType;
2471 ULONG EventState;
2472} EVENT_BASIC_INFORMATION;
2473typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2474NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2475
2476#ifdef IPRT_NT_USE_WINTERNL
2477/** For NtQueryValueKey. */
2478typedef enum _KEY_VALUE_INFORMATION_CLASS
2479{
2480 KeyValueBasicInformation = 0,
2481 KeyValueFullInformation,
2482 KeyValuePartialInformation,
2483 KeyValueFullInformationAlign64,
2484 KeyValuePartialInformationAlign64
2485} KEY_VALUE_INFORMATION_CLASS;
2486
2487/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2488typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2489{
2490 ULONG TitleIndex;
2491 ULONG Type;
2492 ULONG DataLength;
2493 UCHAR Data[1];
2494} KEY_VALUE_PARTIAL_INFORMATION;
2495typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2496#endif
2497NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2498NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2499
2500
2501NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2502
2503
2504typedef struct _CURDIR
2505{
2506 UNICODE_STRING DosPath;
2507 HANDLE Handle; /**< 0x10 / 0x08 */
2508} CURDIR;
2509AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
2510typedef CURDIR *PCURDIR;
2511
2512typedef struct _RTL_DRIVE_LETTER_CURDIR
2513{
2514 USHORT Flags;
2515 USHORT Length;
2516 ULONG TimeStamp;
2517 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2518} RTL_DRIVE_LETTER_CURDIR;
2519typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2520
2521typedef struct _RTL_USER_PROCESS_PARAMETERS
2522{
2523 ULONG MaximumLength; /**< 0x000 / 0x000 */
2524 ULONG Length; /**< 0x004 / 0x004 */
2525 ULONG Flags; /**< 0x008 / 0x008 */
2526 ULONG DebugFlags; /**< 0x00c / 0x00c */
2527 HANDLE ConsoleHandle; /**< 0x010 / 0x010 */
2528 ULONG ConsoleFlags; /**< 0x018 / 0x014 */
2529 HANDLE StandardInput; /**< 0x020 / 0x018 */
2530 HANDLE StandardOutput; /**< 0x028 / 0x01c */
2531 HANDLE StandardError; /**< 0x030 / 0x020 */
2532 CURDIR CurrentDirectory; /**< 0x038 / 0x024 */
2533 UNICODE_STRING DllPath; /**< 0x050 / 0x030 */
2534 UNICODE_STRING ImagePathName; /**< 0x060 / 0x038 */
2535 UNICODE_STRING CommandLine; /**< 0x070 / 0x040 */
2536 PWSTR Environment; /**< 0x080 / 0x048 */
2537 ULONG StartingX; /**< 0x088 / 0x04c */
2538 ULONG StartingY; /**< 0x090 / 0x050 */
2539 ULONG CountX; /**< 0x094 / 0x054 */
2540 ULONG CountY; /**< 0x098 / 0x058 */
2541 ULONG CountCharsX; /**< 0x09c / 0x05c */
2542 ULONG CountCharsY; /**< 0x0a0 / 0x060 */
2543 ULONG FillAttribute; /**< 0x0a4 / 0x064 */
2544 ULONG WindowFlags; /**< 0x0a8 / 0x068 */
2545 ULONG ShowWindowFlags; /**< 0x0ac / 0x06c */
2546 UNICODE_STRING WindowTitle; /**< 0x0b0 / 0x070 */
2547 UNICODE_STRING DesktopInfo; /**< 0x0c0 / 0x078 */
2548 UNICODE_STRING ShellInfo; /**< 0x0d0 / 0x080 */
2549 UNICODE_STRING RuntimeInfo; /**< 0x0e0 / 0x088 */
2550 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /**< 0x0f0 / 0x090 */
2551 SIZE_T EnvironmentSize; /**< 0x3f0 / 0x - Added in Vista */
2552 SIZE_T EnvironmentVersion; /**< 0x3f8 / 0x - Added in Windows 7. */
2553 PVOID PackageDependencyData; /**< 0x400 / 0x - Added Windows 8? */
2554 ULONG ProcessGroupId; /**< 0x408 / 0x - Added Windows 8? */
2555 ULONG LoaderThreads; /**< 0x40c / 0x - Added Windows 10? */
2556} RTL_USER_PROCESS_PARAMETERS;
2557typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2558#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2559
2560typedef struct _RTL_USER_PROCESS_INFORMATION
2561{
2562 ULONG Size;
2563 HANDLE ProcessHandle;
2564 HANDLE ThreadHandle;
2565 CLIENT_ID ClientId;
2566 SECTION_IMAGE_INFORMATION ImageInformation;
2567} RTL_USER_PROCESS_INFORMATION;
2568typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2569
2570
2571NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2572 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2573NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2574 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2575 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2576 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2577 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2578NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2579NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2580 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2581
2582#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2583typedef struct _RTL_CRITICAL_SECTION
2584{
2585 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2586 LONG LockCount;
2587 LONG Recursioncount;
2588 HANDLE OwningThread;
2589 HANDLE LockSemaphore;
2590 ULONG_PTR SpinCount;
2591} RTL_CRITICAL_SECTION;
2592typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2593#endif
2594
2595/*NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);*/
2596
2597/** @def RTL_QUERY_REGISTRY_TYPECHECK
2598 * WDK 8.1+, backported in updates, ignored in older. */
2599#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
2600# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2601#endif
2602/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2603 * WDK 8.1+, backported in updates, ignored in older. */
2604#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
2605# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2606#endif
2607
2608
2609RT_C_DECLS_END
2610/** @} */
2611
2612
2613#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2614/** @name NT Kernel APIs
2615 * @{ */
2616RT_C_DECLS_BEGIN
2617
2618typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
2619
2620NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2621typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2622NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2623typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2624NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2625typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2626NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2627typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2628NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2629typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2630NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2631typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2632NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2633typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2634NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2635typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2636NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2637typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2638NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2639typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2640/** Works like anding the complemented subtrahend with the minuend. */
2641NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2642typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2643NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2644typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2645NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2646typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2647NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2648typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2649NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2650typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2651NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2652typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2653typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2654typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2655typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber);
2656typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
2657typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2658typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2659typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2660typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2661typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
2662typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
2663typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
2664 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2665 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
2666typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
2667typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2668typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
2669typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
2670
2671NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2672 PVOID pvOptionalConditions, PHANDLE phFound);
2673NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2674 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2675 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2676NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2677NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2678NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2679NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2680extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2681extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2682
2683typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2684typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2685
2686RT_C_DECLS_END
2687/** @ */
2688#endif /* IN_RING0 */
2689
2690
2691#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2692/** @name NT Userland APIs
2693 * @{ */
2694RT_C_DECLS_BEGIN
2695
2696#if 0 /** @todo figure this out some time... */
2697typedef struct CSR_MSG_DATA_CREATED_PROCESS
2698{
2699 HANDLE hProcess;
2700 HANDLE hThread;
2701 CLIENT_ID
2702 DWORD idProcess;
2703 DWORD idThread;
2704 DWORD fCreate;
2705
2706} CSR_MSG_DATA_CREATED_PROCESS;
2707
2708#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2709#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2710NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2711#endif
2712
2713NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2714
2715typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2716{
2717 ULONG Flags;
2718 PCUNICODE_STRING FullDllName;
2719 PCUNICODE_STRING BaseDllName;
2720 PVOID DllBase;
2721 ULONG SizeOfImage;
2722} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2723typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2724typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2725
2726typedef union _LDR_DLL_NOTIFICATION_DATA
2727{
2728 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2729 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2730} LDR_DLL_NOTIFICATION_DATA;
2731typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2732typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2733
2734typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2735
2736#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2737#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2738NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2739 PVOID *pvCookie);
2740typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2741NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2742typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2743
2744NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2745 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2746typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2747 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2748NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2749typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2750NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2751 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2752typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2753 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2754#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2755#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2756/** @since Windows XP. */
2757NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2758 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2759/** @since Windows XP. */
2760typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2761 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2762/** @since Windows 7. */
2763NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2764/** @since Windows 7. */
2765typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2766/** @since Windows 7. */
2767NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2768 OUT PHANDLE phDll);
2769/** @since Windows 7. */
2770typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2771 OUT PHANDLE phDll);
2772#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2773NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2774typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2775NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2776 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2777typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2778 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2779#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2780/** @since Windows Vista. */
2781NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2782 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2783/** @since Windows Vista. */
2784typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2785 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2786#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2787#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2788#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2789#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2790#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2791/** @since Windows XP. */
2792NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2793/** @since Windows XP. */
2794typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2795#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2796/** @since Windows XP. */
2797NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2798/** @since Windows XP. */
2799typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2800
2801NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2802NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2803NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2804NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2805 IN PCUNICODE_STRING pOrgName,
2806 IN PUNICODE_STRING pDefaultSuffix,
2807 IN OUT PUNICODE_STRING pStaticString,
2808 IN OUT PUNICODE_STRING pDynamicString,
2809 IN OUT PUNICODE_STRING *ppResultString,
2810 IN PULONG pfNewFlags OPTIONAL,
2811 IN PSIZE_T pcbFilename OPTIONAL,
2812 IN PSIZE_T pcbNeeded OPTIONAL);
2813/** @since Windows 8.
2814 * @note Status code is always zero in windows 10 build 14393. */
2815NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2816/** @copydoc ApiSetQueryApiSetPresence */
2817typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2818
2819
2820# ifdef IPRT_NT_USE_WINTERNL
2821typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2822typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2823typedef struct _RTL_HEAP_PARAMETERS
2824{
2825 ULONG Length;
2826 SIZE_T SegmentReserve;
2827 SIZE_T SegmentCommit;
2828 SIZE_T DeCommitFreeBlockThreshold;
2829 SIZE_T DeCommitTotalFreeThreshold;
2830 SIZE_T MaximumAllocationSize;
2831 SIZE_T VirtualMemoryThreshold;
2832 SIZE_T InitialCommit;
2833 SIZE_T InitialReserve;
2834 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2835 SIZE_T Reserved[2];
2836} RTL_HEAP_PARAMETERS;
2837typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2838NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2839 PRTL_HEAP_PARAMETERS pParameters);
2840/** @name Heap flags (for RtlCreateHeap).
2841 * @{ */
2842/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2843# define HEAP_GROWABLE UINT32_C(0x00000002)
2844# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2845# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2846# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2847# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2848# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2849# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2850# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2851# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2852# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2853# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2854# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2855# define HEAP_CLASS_0 UINT32_C(0x00000000)
2856# define HEAP_CLASS_1 UINT32_C(0x00001000)
2857# define HEAP_CLASS_2 UINT32_C(0x00002000)
2858# define HEAP_CLASS_3 UINT32_C(0x00003000)
2859# define HEAP_CLASS_4 UINT32_C(0x00004000)
2860# define HEAP_CLASS_5 UINT32_C(0x00005000)
2861# define HEAP_CLASS_6 UINT32_C(0x00006000)
2862# define HEAP_CLASS_7 UINT32_C(0x00007000)
2863# define HEAP_CLASS_8 UINT32_C(0x00008000)
2864# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2865# endif
2866# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2867# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2868# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2869# define HEAP_CLASS_GDI HEAP_CLASS_3
2870# define HEAP_CLASS_USER HEAP_CLASS_4
2871# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2872# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2873# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2874# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2875# ifdef IPRT_NT_USE_WINTERNL
2876/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2877# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2878# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2879# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2880# endif /* IPRT_NT_USE_WINTERNL */
2881/** @} */
2882# ifdef IPRT_NT_USE_WINTERNL
2883/** @name Heap tagging constants
2884 * @{ */
2885# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2886/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2887# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2888# define HEAP_TAG_SHIFT 18 */
2889# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2890/** @} */
2891NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2892NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2893NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2894# endif /* IPRT_NT_USE_WINTERNL */
2895NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2896NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2897NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2898NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2899NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2900NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2901NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2902NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2903NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2904NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2905typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2906NTSYSAPI uint64_t NTAPI RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
2907typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
2908NTSYSAPI BOOLEAN NTAPI RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
2909typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
2910
2911RT_C_DECLS_END
2912/** @} */
2913#endif /* IN_RING3 */
2914
2915#endif
2916
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette